At H1, we believe access to the best healthcare information is a basic human right. Our mission is to provide a platform that can optimally inform every doctor interaction globally. This promotes health equity and builds needed trust in healthcare systems. To accomplish this our teams harness the power of data and AI-technology to unlock groundbreaking medical insights and convert those insights into action that result in optimal patient outcomes and accelerates an equitable and inclusive drug development lifecycle. Visit h1.co to learn more about us.
H1’s IT and Security team’s enables the business to scale responsibly by ensuring our systems, data, and processes meet the security, privacy, and compliance expectations of our customers, partners, and regulators. As a healthcare data company working with enterprise customers, maintaining strong compliance foundations is critical to trust, growth, and long-term success. This role plays a central part in keeping H1 audit-ready and ensuring compliance work is organized, predictable, and embedded into how we operate.
WHAT YOU'LL DO AT H1
As a Compliance Program Manager, you will own the day-to-day execution of H1’s compliance programs across SOC 2, ISO 27001, and HITRUST. You’ll manage timelines, coordinate evidence collection, maintain clean and audit-ready artifacts in Thoropass, and ensure audits and assessments run smoothly end-to-end. This is a hands-on, operational role focused on execution, follow-through, and cross-functional coordination.
You will:
- Own the compliance calendar, including timelines, milestones, check-ins, and recurring evidence collection across SOC 2, ISO 27001, and HITRUST.
- Drive audit readiness end-to-end by maintaining compliance roadmaps, dependencies, and deliverables to ensure work stays on track throughout the year.
- Operate Thoropass day-to-day by assigning evidence requests, sending reminders, maintaining clean artifacts, managing dashboards, and supporting basic workflows and access as needed.
- Coordinate audit activities by tracking auditor requests, managing deadlines, and ensuring responses are complete, accurate, and submitted on time.
- Partner cross-functionally with IT, Engineering, Product, HR, Legal, and Operations to assign ownership, align expectations, and drive follow-through.
- Draft, update, and maintain security and compliance policies and procedures that align required controls with real operational practices.
- Create new security and compliance policies as needed to support evolving business practices, audit requirements, and control gaps, ensuring policies are practical, clear, and aligned with how the company actually operates.
- Run compliance operations by managing policy review cycles, control narratives, version control, and evidence consistency across frameworks.
- Track findings and remediation by logging gaps, assigning owners and due dates, and validating closure and remediation evidence.
ABOUT YOU
You thrive in fast-paced, resource-constrained environments and take pride in making compliance “invisible” when things are working well. You are highly organized, detail-oriented, and persistent, with the ability to keep complex workstreams moving forward without formal authority.
You are comfortable being both an operator and an enabler, owning the compliance system end-to-end, following up relentlessly to close gaps, and creating structure where none exists. You enjoy turning ambiguous requirements into clear, practical processes and policies that teams can realistically follow.
This role is a strong fit if you have experience:
- Acting as a primary owner of compliance programs, not supporting compliance as a side responsibility
- Executing SOC 2, ISO 27001, and/or HITRUST programs end-to-end in growing organizations
- Creating, refining, and maintaining security and compliance policies that reflect real operational practices
- Managing compliance tooling (e.g., Thoropass, Drata, Vanta) and using it to drive accountability and visibility
- Coordinating cross-functionally, tracking dozens of parallel work items, and holding stakeholders accountable to timelines
REQUIREMENTS
-4+ years of experience in program management, compliance coordination, security operations, or a similar cross-functional role
- Strong familiarity with SOC 2; exposure to ISO 27001 and/or HITRUST (hands-on experience is a plus, not required)
- Solid project and program management fundamentals, including task tracking, dependency management, and stakeholder follow-up
- Excellent documentation skills and attention to detail (naming conventions, versioning, evidence quality)
- Experience drafting and maintaining policies and procedures aligned to operational reality
- Experience using compliance tools such as Thoropass, Drata, or Vanta (Thoropass preferred)
COMPENSATION
This role pays $90,000k to $115,000k per year, based on experience, in addition to stock options.
Anticipated role close date: 02/23/2026